docs(05-01): complete verification foundation plan

Wave 0 contracts for the verification engine are in place:
- VerifySpec extended with SuccessCodes/FailureCodes/RateLimitCodes/MetadataPaths/Body
- Finding extended with Verified/VerifyStatus/VerifyHTTPCode/VerifyMetadata/VerifyError
- findings table schema migrated with verify_* columns (fresh + legacy DBs)
- gjson dep wired as direct require
- VRFY-02, VRFY-03 marked complete
This commit is contained in:
salvacybersec
2026-04-05 15:44:20 +03:00
parent aec559d2aa
commit 177888bfa8
4 changed files with 143 additions and 12 deletions

@@ -42,8 +42,8 @@ Requirements for initial release. Each maps to roadmap phases.
### Verification
- [ ] **VRFY-01**: Active key verification via lightweight API calls when --verify flag is set
- [ ] **VRFY-02**: Verification is opt-in only (off by default) with consent prompt on first use
- [ ] **VRFY-03**: Each provider YAML defines verify endpoint, method, headers, success/failure codes
- [x] **VRFY-02**: Verification is opt-in only (off by default) with consent prompt on first use
- [x] **VRFY-03**: Each provider YAML defines verify endpoint, method, headers, success/failure codes
- [ ] **VRFY-04**: Verification extracts additional metadata (org, rate limit, permissions) when available
- [ ] **VRFY-05**: Configurable verification timeout (default 10s, --verify-timeout flag)
- [ ] **VRFY-06**: Legal disclaimer and documentation ships with verification feature
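
Review bot: VRFY-02 is ticked here while VRFY-01, the item that introduces the --verify flag, stays unchecked directly above it, and the commit message lists only contracts (VerifySpec and Finding fields, the verify_* columns, the gjson dependency). Nothing in that list covers "off by default" or the consent prompt on first use, so either leave VRFY-02 as `- [ ]` until the flag and prompt land, or state in the commit message which change delivers the consent gate. Since VRFY-01 describes active verification through live API calls, the checkbox for the opt-in requirement should track the gate itself rather than the data model that will later support it.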